Skip to main content
CVE-2022-2888 MEDIUM POC PATCH This Month

If an attacker comes into the possession of a victim's OctoPrint session cookie through whatever means, the attacker can use this cookie to authenticate as long as the victim's account exists. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Octoprint
NVD GitHub
CVSS 3.1
4.4
EPSS
0.3%
CVE-2022-3233 MEDIUM POC PATCH This Month

Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Rdiffweb
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-2881 HIGH PATCH This Week

The underlying bug might cause read past end of the buffer and either read memory it should not read, or crash the process. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Bind
NVD
CVSS 3.1
8.2
EPSS
1.1%
CVE-2022-40616 HIGH This Week

IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, and 7.6.1.3 could allow a user to bypass authentication and obtain sensitive information or perform tasks they should not have access to. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass IBM Maximo Asset Management
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2022-41244 HIGH This Week

Jenkins View26 Test-Reporting Plugin 1.0.7 and earlier does not perform hostname validation when connecting to the configured View26 server that could be abused using a man-in-the-middle attack to. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Jenkins View26 Test Reporting
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2022-41243 HIGH This Week

Jenkins SmallTest Plugin 1.0.4 and earlier does not perform hostname validation when connecting to the configured View26 server that could be abused using a man-in-the-middle attack to intercept. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Jenkins Smalltest
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2022-41232 HIGH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers to replace any config.xml file on the Jenkins controller file system with an. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Jenkins Build Publisher
NVD
CVSS 3.1
8.0
EPSS
0.5%
CVE-2022-2265 HIGH This Week

The Identity and Directory Management System developed by Çekino Bilgi Teknolojileri before version 2.1.25 has an unauthenticated Path traversal vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Identity And Directory Management System
NVD VulDB
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-3252 HIGH This Week

Improper detection of complete HTTP body decompression SwiftNIO Extras provides a pair of helpers for transparently decompressing received HTTP request or response bodies. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Swift Nio Extras
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-3080 HIGH PATCH This Week

By sending specific queries to the resolver, an attacker can cause named to crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Bind Fedora
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2022-38178 HIGH PATCH This Week

By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Bind Debian Linux Fedora Active Iq Unified Manager
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2022-38177 HIGH PATCH This Week

By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Bind Debian Linux Fedora Active Iq Unified Manager
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2022-2906 HIGH PATCH This Week

An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Denial Of Service Bind
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2022-40604 HIGH PATCH This Week

In Apache Airflow 2.3.0 through 2.3.4, part of a url was unnecessarily formatted, allowing for possible information extraction. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Airflow
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2022-39221 HIGH PATCH This Week

McWebserver mod runs a simple HTTP server alongside the Minecraft server in seperate threads. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Mcwebserver Minecraft Mod For Fabric And Quilt Mcwebserver Minecraft Mod For Forge
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-40217 HIGH This Week

Authenticated (admin+) Arbitrary File Edit/Upload vulnerability in XplodedThemes WPide plugin <= 2.6 at WordPress. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress File Upload Wpide
NVD
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-36386 HIGH This Week

Authenticated Arbitrary Code Execution vulnerability in Soflyy Import any XML or CSV File to WordPress plugin <= 3.6.7 at WordPress. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE WordPress File Upload Wp All Import
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-41255 MEDIUM This Month

Jenkins CONS3RT Plugin 1.0.0 and earlier stores Cons3rt API token unencrypted in job config.xml files on the Jenkins controller where it can be viewed by users with access to the Jenkins controller. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Cons3Rt
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-41254 MEDIUM This Month

Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Cons3Rt
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-41250 MEDIUM This Month

A missing permission check in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Scm Httpclient
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-41246 MEDIUM This Month

A missing permission check in Jenkins Worksoft Execution Manager Plugin 10.0.3.503 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Worksoft Execution Manager
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-40754 MEDIUM PATCH This Month

In Apache Airflow 2.3.0 through 2.3.4, there was an open redirect in the webserver's `/confirm` endpoint. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Open Redirect Airflow
NVD GitHub
CVSS 3.1
6.1
EPSS
1.5%
CVE-2022-41231 MEDIUM This Month

Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers with Item/Configure permission to create or replace any config.xml file on the Jenkins controller file system by providing a crafted. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Jenkins Build Publisher
NVD
CVSS 3.1
5.7
EPSS
1.2%
CVE-2022-40219 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in SedLex FavIcon Switcher plugin <= 1.2.11 at WordPress allows plugin settings change. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress CSRF Favicon Switcher
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2022-38073 MEDIUM PATCH This Month

Multiple Authenticated (custom specific plugin role) Persistent Cross-Site Scripting (XSS) vulnerability in Awesome Support plugin <= 6.0.7 at WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Awesome Support
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-36390 MEDIUM This Month

Authenticated (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Totalsoft Event Calendar - Calendar plugin <= 1.4.6 at WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Event Calendar
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-36383 MEDIUM This Month

Multiple Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in WHA Word Search Puzzles game plugin <= 2.0.1 at WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Wha Wordsearch
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-41242 MEDIUM This Month

A missing permission check in Jenkins extreme-feedback Plugin 1.7 and earlier allows attackers with Overall/Read permission to discover information about job names attached to lamps, discover MAC and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Extreme Feedback
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-41240 MEDIUM This Month

Jenkins Walti Plugin 1.0.1 and earlier does not escape the information provided by the Walti API, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Walti
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-41239 MEDIUM This Month

Jenkins DotCi Plugin 2.40.00 and earlier does not escape the GitHub user name parameter provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Dotci
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-41229 MEDIUM PATCH This Month

Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.134 and earlier does not escape configuration options of the Execute NetStorm/NetCloud Test build step, resulting in a stored cross-site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Ns Nd Integration Performance Publisher
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-41225 MEDIUM PATCH This Month

Jenkins Anchore Container Image Scanner Plugin 1.0.24 and earlier does not escape content provided by the Anchore engine API, resulting in a stored cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Anchore Container Image Scanner
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-41224 MEDIUM PATCH This Month

Jenkins 2.367 through 2.369 (both inclusive) does not escape tooltips of the l:helpIcon UI component used for some help icons on the Jenkins web UI, resulting in a stored cross-site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-37246 MEDIUM PATCH This Month

Craft CMS 4.2.0.1 is affected by Cross Site Scripting (XSS) in the file src/web/assets/cp/src/js/BaseElementSelectInput.js and in specific on the line label: elementInfo.label. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Craft Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-41248 MEDIUM This Month

Jenkins BigPanda Notifier Plugin 1.4.0 and earlier does not mask the BigPanda API key on the global configuration form, increasing the potential for attackers to observe and capture it. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Bigpanda Notifier
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2022-41235 MEDIUM This Month

Jenkins WildFly Deployer Plugin 1.0.2 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Wildfly Deployer
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-2795 MEDIUM PATCH This Month

By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Bind Debian Linux Fedora
NVD
CVSS 3.1
5.3
EPSS
1.5%
CVE-2022-41252 MEDIUM This Month

Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier allows users with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Cons3Rt
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-41251 MEDIUM This Month

A missing permission check in Jenkins Apprenda Plugin 2.2.0 and earlier allows users with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Apprenda
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-41247 MEDIUM This Month

Jenkins BigPanda Notifier Plugin 1.4.0 and earlier stores the BigPanda API key unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Bigpanda Notifier
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-41233 MEDIUM PATCH This Month

Jenkins Rundeck Plugin 3.6.11 and earlier does not perform Run/Artifacts permission checks in multiple HTTP endpoints, allowing attackers with Item/Read permission to obtain information about build. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Rundeck
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-41230 MEDIUM This Month

Jenkins Build-Publisher Plugin 1.22 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain names and URLs of Jenkins servers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Build Publisher
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-31679 LOW PATCH Monitor

Applications that allow HTTP PATCH access to resources exposed by Spring Data REST in versions 3.6.0 - 3.5.5, 3.7.0 - 3.7.2, and older unsupported versions, if an attacker knows about the structure. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Java Spring Data Rest
NVD
CVSS 3.1
3.7
EPSS
0.5%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy